Security and the browser

The browser platform is historically insecure. HTML5 has only made it more vulnerable. Doug outlines a number of the vulnerabilities presented by building applications in the browser. These include the ability for an attacker to read the document, alter the display, and access database information.

So that brings us to the browser. The browser platform is horribly insecure. We are still fixing it later after over 20 years. HTML5 made things worse instead of better by providing powerful new capabilities to the attacker without mitigating any of the preexisting weaknesses, and yet it is still the world's best application delivery system. It is better than everything else, including systems that were designed after the web.

Everybody refused to learn the web's lessons. One of the things that the web got right that virtually every other platform has gotten wrong is the web does not have a blame-the-victim security model. A very common thing in systems is that if a system has to make a decision about security and does not have enough information to make a correct decision, it will ask the user. It will ask the user in language that the user cannot understand. If the user says no, then it fails.

If the user says yes, it is the user's fault for giving up their security. This is not a valid model of security.

Released

5/19/2017

This course helps identify the value of using JavaScript for web-based programming. First, learn the history of JavaScript, the details of the language, and get an overview of how browsers and servers work. Next, because this course gives special attention to functions—which is where the power of the language is hidden—dive into best practices, working with closures, inheritance, and patterns. Discover how JavaScript and HTML interact by exploring script tags, tree structures, node retrieval, event handling, and DOM performance. Some new features related to ES5 and ES6 are covered. Then, find out how you can follow security principles to protect against attacks. Finally, learn about asynchronous functions, JSON, and how to capitalize on the best parts of JavaScript.

This course was created by Frontend Masters. It was originally released on 6/20/2016. We're pleased to host this training in our library.